Dallas Security-DLP User Group

I've been Beta testing the latest IT Analytics pack for SEP and I was just told it is now released and available for download. The latest IT Analytics for SEP pack includes many more cubes, reports, and dashboards compared to the previous release. You can now view and report on just about anything within SEP from HIPS events to Policy Exceptions. 

If you are running SEP 12.1 you will be happy to know that SONAR and INSIGHT detection cubes and reports are now available in this release.

A few screen shots included below:

Can these break out individual machines/IPs or is it just a high level view?

All have drill down capabilities and you can get all of the details. Most if not all are basically linked to the reports you see in screenshot 1

By the way if your using custom IPS signature please refer to the article I just submitted to make sure the alerts appear in Analytics. It's a simple fix but took me all day to figure out during my testing. Hopefully it saves others from banging their head against the wall ;)

https://www-secure.symantec.com/connect/articles/how-make-custom-sep-ips-signatures-show-it-analytics-reporting-sep

Thanks for writeup, its nice!! 

A great addition to this latest refresh of the ITA pack for SEP is the addition of some granular IPS reporting capabilities.

These can for example, allow you to quickly and clearly see who are my most risky users outside the corporate perimeter, what attack types are most commonly hitting our machines, is there anything 'phoning home' that we should be aware of, etc.

I've attached some further screenshots in case you are interested. Lastly, worth noting that ITA can also snap in to the Symantec Protection Center 2.0 console, which increase the power of your centralised mgmt and reporting capabilities even further.

By the way I forgot to mention that out of the box IT Analytics won't look like some of my screen shots. It's close but I did make some minor changes to the rdl files to display newer looking color palette and a few other things.

I can attach the modified rdl files if your interested.

Hi.

Please attach the RDL. I like the look of your screenshots.

What version are you exactly using? the RDL modifications look great. Attach please.

Sorry for the delay in response. I'm still trying to figure out if I can post the RDL's without violating any licensing agreements with Symantec or Bay Dynamics.

In the meantime I will work on step by step instructions on how to edit them and create new ones. This would be more helpful anyways as it allows you to customize everything to fit your needs. The changes I made in the examples are very easy and take very little time.

Looking forward for your guide :-) 

I am trying to install IT Analytics for a customer but its failing to install NS server. Haven't got time to troubleshoot it. 

But I am really looking forward to install it as the customer has more than 60k clients so it would be very useful.

Well the first machine where I was trying to install it was failing as it was not able to create the share. That server was a hardened server.

So I selected a 2nd machine my bad luck it was a 2003 64 bit machines..after installing .net and asp I found only 2k8 R2 is supported for 64 bit platform. Currently I am waiting for a 2k3 32bit non-hardened server.

Once I get that I'll try again.